Safety Improvement 

• NASA is developing and implementing 
safety improvements in all its activities: 

- Mission design 

- Mission operation 

- Occupational safety 

- Etc. 

• Decisions regarding where and how 
improvements are implemented to optimally 
enhance safety are discussed here 
Rule- vs. Performance-based Decisions 

• Prescriptive (Rule based): Decide based on rules dictated by experience or tradition 

> Example: Use double failure tolerance (triple redundancy) in design for all safety-related systems to increase safety 

• Performance based: Decide based on 
performance measures (metrics) that are related to 
risk 

> Example: Conduct a PRA and use levels of failure tolerance (or redundancy) in design that are consistent with the risk importance of the system (e.g., higher levels of redundancy for systems with higher risk contribution) 
Safety Thresholds and Safety Goals 

• Safety Thresholds are used for risk acceptability decisions; not meeting these values is not acceptable 


• Safety Goals are the targets toward which safety improvements are driven; meeting these values is desirable but not mandatory 

Safety Thresholds and Safety Goals (cont’d) 



• Collectively, safety goals and thresholds help 

- Designers with safety performance allocation 

- Decision makers to deal with safety-related 
decisions 

• Risk acceptance 

• Risk mitigation 

• Safety optimization 
Integration of Safety Analysis Techniques 

[Figure: integration of safety analysis techniques; only the label “supporting systems” survives from the diagram] 

Safety Regimes and Safety Decisions 



[Diagram, reconstructed as text:] 

Standard of “Optimally and Sufficiently Safe”: the GOAL. More than this may have diminishing return. 

Standard of “Minimally Safe Level”: the THRESHOLD. Less than this would be “unacceptable”. 

SAFE ENOUGH (at or better than the goal) 

• Keep alert for enhancements, but focus more on maintaining the good safety level that has been achieved 

SAFETY OPTIMIZATION (between the threshold and the goal) 

• Actively pursue safety improvements via risk tradeoff studies 

• Actively identify unaccounted-for hazards via precursor analysis 
Aggregate Frequency of Scenarios Leading to Loss of Crew 

Role of Commercial Provider (CP) and Role of NASA 

[Figure legend: Performed by NASA; Performed by CP; Performed jointly] 

Safety Requirements Input to Design 



[Flow diagram, reconstructed as text:] 

Inputs to design: 

• Safety Goals 

• Safety Requirements 

• Technical Requirements 

• Process Requirements 

• Analysis Protocols and Tools for Safety 

These inputs feed Requirement Demonstration and Optimization, which produces the Safety Case, leading to Acceptance: 

• Very high confidence that system is acceptable 

• High confidence that system is optimal 

Acceptance is followed by Deployment. 








Risk-Informed Safety Case (RISC) 



A documented body of evidence that provides a 
convincing and valid argument that... 

1. Applicable safety standards and requirements are met 

- The design is executed to the specifications indicated, 

- The system is operated in accordance with specified operational rules and 
practices (e.g., system / mission-specific flight rules), 

- Programmatic and Risk Management activities provide ongoing assurance 
of satisfaction of allocated safety performance 

- Operating experience is analyzed to assure, to the extent possible, that 
unaccounted-for hazards are identified and controlled if necessary 
through modifications to design or operating practice (precursor analysis) 

AND 

2. A given system is adequately and optimally safe for a given application in a 
given environment, 

AND 

3. A process of system optimization has been carried out to identify and 
implement net-beneficial improvements 


System designers are encouraged to continuously optimize (throughout the lifecycle), not just comply with requirements. 

The goal is to be “optimally safe enough”; this is a safety philosophy. 

Performance-Based Launch Decisions 


• Decisions regarding launch safety should be based on 
safety performance measures, e.g. the probability of loss 
of crew, p(LOC) 

• The total p(LOC) for the mission is: 

p(LOC) = p(LOC)_ascent + p(LOC)_orbit + p(LOC)_entry 

• A good measure for a safety comparison among space vehicles is p(LOC)_flight, the p(LOC) value for only the flight portion of the mission, i.e. 

p(LOC)_flight = p(LOC)_ascent + p(LOC)_entry 

• The p(LOC)_orbit term varies depending on the length of the mission 
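The following is an added example, not from the NASA slides, that combines per-phase p(LOC) values as the decomposition above describes and classifies the result against the safety threshold and goal regimes from the “Safety Regimes and Safety Decisions” slide. All numeric values, the per-day orbit rate model, and the function names are constructed assumptions for illustration, not NASA figures.

```python
# Added example (not from the NASA slides): combine per-phase p(LOC) values as the
# deck describes and classify the result against a safety threshold and goal.
# All numeric values below are constructed for illustration, not NASA figures.

# Constructed per-phase probabilities of loss of crew (LOC) for one mission design.
PHASE_PLOC = {
    "ascent": 1 / 500,
    "entry": 1 / 800,
}
# Assumption: on-orbit risk accrues per mission day; this is one way to model the
# deck's statement that p(LOC)_orbit varies with mission length.
ORBIT_PLOC_PER_DAY = 1 / 100000


def ploc_flight(phases=PHASE_PLOC):
    """p(LOC)_flight = p(LOC)_ascent + p(LOC)_entry (orbit phase excluded)."""
    return phases["ascent"] + phases["entry"]


def ploc_total(mission_days, phases=PHASE_PLOC, orbit_per_day=ORBIT_PLOC_PER_DAY):
    """Total mission p(LOC) = ascent + orbit + entry, per the deck's decomposition."""
    return ploc_flight(phases) + orbit_per_day * mission_days


def safety_regime(ploc, threshold, goal):
    """Map a p(LOC) value to the deck's three regimes.

    Lower p(LOC) is safer, so the threshold is the larger number and the goal
    the smaller one (assumed orientation):
      ploc > threshold         -> "unacceptable"        (minimally safe level not met)
      goal < ploc <= threshold -> "safety optimization" (actively pursue improvements)
      ploc <= goal             -> "safe enough"         (maintain the achieved level)
    """
    if goal > threshold:
        raise ValueError("goal must be at least as demanding (small) as threshold")
    if ploc > threshold:
        return "unacceptable"
    if ploc > goal:
        return "safety optimization"
    return "safe enough"


if __name__ == "__main__":
    threshold, goal = 1 / 270, 1 / 750   # constructed acceptance values
    for days in (3, 30, 180):
        p = ploc_total(days)
        print(f"{days:4d}-day mission: p(LOC)={p:.5f} -> {safety_regime(p, threshold, goal)}")
```

Running it shows the same vehicle landing in different regimes as mission length grows, which is why the deck recommends p(LOC)_flight for vehicle-to-vehicle comparison.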
Safety Goal and Threshold Evaluation Protocol 

• Analysis protocol is: 

- Use model (e.g., success criteria) and show you are good 
enough 

- Analysis is insensitive to credible modeling perturbations and realistically foreseeable new information (i.e., it is robust). 

• Evaluation protocol is: 

- Verify that RISC (or subset) meets our acceptance criteria, 
safety goal, and safety threshold 

• Protocol will include reviews at key decision points: 

- Review is on the RISC, which provides the technical 
argument that the system will be operated at a level of 
safety consistent with deterministic and probabilistic safety 
criteria 

- As additional evidence is gathered, design may be judged 
to meet (or not) safety thresholds 